To see the other types of publications on this topic, follow the link: Data exfiltration attack.
Journal articles on the topic 'Data exfiltration attack'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Data exfiltration attack.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Zimba, Aaron, and Mumbi Chishimba. "Exploitation of DNS Tunneling for Optimization of Data Exfiltration in Malware-free APT Intrusions." Zambia ICT Journal 1, no. 1 (December 11, 2017): 51–56. http://dx.doi.org/10.33260/zictjournal.v1i1.26.
Full textAbstract:
One of the main goals of targeted attacks include data exfiltration. Attackers penetrate systems using various forms of attack vectors but the hurdle comes in exfiltrating the data. APT attackers even reside in a host for long periods of time whilst seeking the best option to exfiltrate data. Most data exfiltration techniques are prone to detection by intrusion detection system. Therefore, data exfiltration methodologies that generate little noise if any at all are attractive to attackers and can go undetected for long periods owing the low threshold of generated noise in form network traffic and system calls. In this paper, we present malware-free intrusion, an attack methodology which does not explicitly use malware to exfiltrate data. Our attack structure exploits the use of system services and resources not limited to RDP, PowerShell, Windows accessibility backdoor and DNS tunneling. Results show that it’s possible to exfiltrate data from vulnerable hosts using malwarefree intrusion as an infection vector and DNS tunneling as a data exfiltration technique. We test the attack on both Windows and Linux system over different networks. Mitigation techniques are suggested based on traffic analysis captured from the established secure DNS tunnels on the network.
2
Ullah, Faheem, Matthew Edwards, Rajiv Ramdhany, Ruzanna Chitchyan, M. Ali Babar, and Awais Rashid. "Data exfiltration: A review of external attack vectors and countermeasures." Journal of Network and Computer Applications 101 (January 2018): 18–54. http://dx.doi.org/10.1016/j.jnca.2017.10.016.
Full text
3
Do, Quang, Ben Martini, and Kim-Kwang Raymond Choo. "A Data Exfiltration and Remote Exploitation Attack on Consumer 3D Printers." IEEE Transactions on Information Forensics and Security 11, no. 10 (October 2016): 2174–86. http://dx.doi.org/10.1109/tifs.2016.2578285.
Full text
4
Meyers, Vincent, Michael Hefenbrock, Dennis Gnad, and Mehdi Tahoori. "Leveraging Neural Trojan Side-Channels for Output Exfiltration." Cryptography 9, no. 1 (January 7, 2025): 5. https://doi.org/10.3390/cryptography9010005.
Full textAbstract:
Neural networks have become pivotal in advancing applications across various domains, including healthcare, finance, surveillance, and autonomous systems. To achieve low latency and high efficiency, field-programmable gate arrays (FPGAs) are increasingly being employed as accelerators for neural network inference in cloud and edge devices. However, the rising costs and complexity of neural network training have led to the widespread use of outsourcing of training, pre-trained models, and machine learning services, raising significant concerns about security and trust. Specifically, malicious actors may embed neural Trojans within NNs, exploiting them to leak sensitive data through side-channel analysis. This paper builds upon our prior work, where we demonstrated the feasibility of embedding Trojan side-channels in neural network weights, enabling the extraction of classification results via remote power side-channel attacks. In this expanded study, we introduced a broader range of experiments to evaluate the robustness and effectiveness of this attack vector. We detail a novel training methodology that enhanced the correlation between power consumption and network output, achieving up to a 33% improvement in reconstruction accuracy over benign models. Our approach eliminates the need for additional hardware, making it stealthier and more resistant to conventional hardware Trojan detection methods. We provide comprehensive analyses of attack scenarios in both controlled and variable environmental conditions, demonstrating the scalability and adaptability of our technique across diverse neural network architectures, such as MLPs and CNNs. Additionally, we explore countermeasures and discuss their implications for the design of secure neural network accelerators. To the best of our knowledge, this work is the first to present a passive output recovery attack on neural network accelerators, without explicit trigger mechanisms. The findings emphasize the urgent need to integrate hardware-aware security protocols in the development and deployment of neural network accelerators.
5
Sachintha, Shakthi, Nhien-An Le-Khac, Mark Scanlon, and Asanka P. Sayakkara. "Data Exfiltration through Electromagnetic Covert Channel of Wired Industrial Control Systems." Applied Sciences 13, no. 5 (February 24, 2023): 2928. http://dx.doi.org/10.3390/app13052928.
Full textAbstract:
Industrial control systems (ICS) often contain sensitive information related to the corresponding equipment being controlled and their configurations. Protecting such information is important to both the manufacturers and users of such ICSs. This work demonstrates an attack vector on industrial control systems where information can be exfiltrated through a electromagnetic (EM) radiation covert channel from the wired Ethernet connections commonly used by these devices. The attack leverages compromised firmware for the controller—capable of encoding sensitive/critical information into the wired network as packet transmission patterns. The EM radiation from the wired network’s communication is captured without direct physical interaction using a portable software-defined radio, and subsequently demodulated on the attacker’s computer. This covert channel facilitates the exfiltration of data from a distance of up to two metres with a data rate of 10 bps without any significant data loss. The nature of this covert channel demonstrates that having strong firewalls and network security.
6
Singh, Sanjeev Pratap, and Naveed Afzal. "The Mesa Security Model 2.0: A Dynamic Framework for Mitigating Stealth Data Exfiltration." International Journal of Network Security & Its Applications 16, no. 3 (May 29, 2024): 23–40. http://dx.doi.org/10.5121/ijnsa.2024.16302.
Full textAbstract:
The rising complexity of cyber threats calls for a comprehensive reassessment of current security frameworks in business environments. This research focuses on Stealth Data Exfiltration (SDE), a significant cyber threat characterized by covert infiltration, extended undetectability, and unauthorized dissemination of confidential data. Our findings reveal that conventional defense-in-depth strategies often fall short in combating these sophisticated threats, highlighting the immediate need for a shift in information risk management across businesses. The evolving nature of cyber threats, driven by advancements in techniques, such as social engineering, multi-vector attacks, and the emergence of Generative AI, underscores the need for robust, adaptable, and comprehensive security strategies. As we continue to navigate this complex landscape, it is crucial that we stay ahead of the curve, anticipating potential threats, and continually updating our defenses to protect against them. We propose a shift from traditional perimeter-based, prevention-focused models, which depend on a static attack surface, to a more dynamic framework that prepares for inevitable breaches. This suggested model, known as ‘MESA 2.0 Security Model’, prioritizes swift detection, immediate response, and ongoing resilience, thereby enhancing an organization’s ability to promptly identify and neutralize threats, significantly reducing the consequences of security breaches. This study suggests that businesses adopt a forward-thinking and adaptable approach to security management, which is crucial for staying ahead of the ever-changing cyber threat landscape. By shifting focus from merely preventing incidents to effectively managing them, organizations can better safeguard their vital digital assets against the increasingly complex tactics used by contemporary cyber adversaries. This study provides valuable insights and a solid strategic framework that aims to steer the development of future security practices and policies to effectively address and mitigate advanced persistent threats.
7
Chattra, Eka, and Obrin Candra Brillyant. "Implementation of Meltdown Attack Simulation for Cybersecurity Awareness Material." ACMIT Proceedings 7, no. 1 (July 7, 2021): 6–13. http://dx.doi.org/10.33555/acmit.v7i1.102.
Full textAbstract:
One of the rising risk in cybersecurity is an attack on cyber physical system. Today’s computer systems has evolve through the development of processor technology, namely by the use of optimization techniques such as out-of-order execution. Using this technique, processors can improve computing system performance without sacrificing manufacture processes. However, the use of these optimization techniques has vulnerabilities, especially on Intel processors. The vulnerability is in the form of data exfiltration in the cache memory that can be exploit by an attack. Meltdown is an exploit attack that takes advantage of such vulnerabilities in modern Intel processors. This vulnerability can be used to extract data that is processed on that specific computer device using said processors, such as passwords, messages, or other credentials. In this paper, we use qualitative research which aims to describe a simulation approach with experience meltdown attack in a safe environment with applied a known meltdown attack scheme and source code to simulate the attack on an Intel Core i7 platform running Linux OS. Then we modified the source code to prove the concept that the Meltdown attack can extract data on devices using Intel processors without consent from the authorized user.
8
Rietz, René, Radoslaw Cwalinski, Hartmut König, and Andreas Brinner. "An SDN-Based Approach to Ward Off LAN Attacks." Journal of Computer Networks and Communications 2018 (November 21, 2018): 1–12. http://dx.doi.org/10.1155/2018/4127487.
Full textAbstract:
The detection of attacks on large administrative network domains is nowadays generally accomplished centrally by analyzing the data traffic on the uplink to the Internet. The first phase of an infection is usually difficult to observe. Often attackers use e-mail attachments or external media, such as USB sticks, hardware with preinstalled malware, or contaminated mobile devices to infect target systems. In such scenarios, the initial infection cannot be blocked at the network level. The lateral movement of attack programs (exploits) through internal networks and the exfiltration of data, however, which are the main purpose of targeted attacks, run always over the network. Security measures against such internal network attacks require a comprehensive monitoring concept that spans the entire network to its edge. Especially for preventive measures, this means providing a security concept for local area networks (LANs). In this paper, we propose based on an analysis of typical LAN-based attacks an approach for preventing these attacks for both IPv4 and IPv6 networks. It applies the software-defined networking (SDN) paradigm for centralizing the related network decisions in a central authority—the SDN controller—that manages all network connections and hence the associated data flows.
9
Acar, Gunes, Steven Englehardt, and Arvind Narayanan. "No boundaries: data exfiltration by third parties embedded on web pages." Proceedings on Privacy Enhancing Technologies 2020, no. 4 (October 1, 2020): 220–38. http://dx.doi.org/10.2478/popets-2020-0070.
Full textAbstract:
AbstractWe investigate data exfiltration by third-party scripts directly embedded on web pages. Specifically, we study three attacks: misuse of browsers’ internal login managers, social data exfiltration, and whole-DOM exfiltration. Although the possibility of these attacks was well known, we provide the first empirical evidence based on measurements of 300,000 distinct web pages from 50,000 sites. We extend OpenWPM’s instrumentation to detect and precisely attribute these attacks to specific third-party scripts. Our analysis reveals invasive practices such as inserting invisible login forms to trigger autofilling of the saved user credentials, and reading and exfiltrating social network data when the user logs in via Facebook login. Further, we uncovered password, credit card, and health data leaks to third parties due to wholesale collection of the DOM. We discuss the lessons learned from the responses to the initial disclosure of our findings and fixes that were deployed by the websites, browser vendors, third-party libraries and privacy protection tools.
10
Aksoy, Ahmet, Luis Valle, and Gorkem Kar. "Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection." Electronics 13, no. 2 (January 9, 2024): 293. http://dx.doi.org/10.3390/electronics13020293.
Full textAbstract:
The cybersecurity landscape presents daunting challenges, particularly in the face of Denial of Service (DoS) attacks such as DoS Http Unbearable Load King (HULK) attacks and DoS GoldenEye attacks. These malicious tactics are designed to disrupt critical services by overwhelming web servers with malicious requests. In contrast to DoS attacks, there exists nefarious Operating System (OS) scanning, which exploits vulnerabilities in target systems. To provide further context, it is essential to clarify that NMAP, a widely utilized tool for identifying host OSes and vulnerabilities, is not inherently malicious but a dual-use tool with legitimate applications, such as asset inventory services in company networks. Additionally, Domain Name System (DNS) botnets can be incredibly damaging as they harness numerous compromised devices to inundate a target with malicious DNS traffic. This can disrupt online services, leading to downtime, financial losses, and reputational damage. Furthermore, DNS botnets can be used for other malicious activities like data exfiltration, spreading malware, or launching other cyberattacks, making them a versatile tool for cybercriminals. As attackers continually adapt and modify specific attributes to evade detection, our paper introduces an automated detection method that requires no expert input. This innovative approach identifies the distinct characteristics of DNS botnet attacks, DoS HULK attacks, DoS GoldenEye attacks, and OS-Scanning, explicitly using the NMAP tool, even when attackers alter their tactics. By harnessing a representative dataset, our proposed method ensures robust detection of such attacks against varying attack parameters or behavioral shifts. This heightened resilience significantly raises the bar for attackers attempting to conceal their malicious activities. Significantly, our approach delivered outstanding outcomes, with a mid 95% accuracy in categorizing NMAP OS scanning and DNS botnet attacks, and 100% for DoS HULK attacks and DoS GoldenEye attacks, proficiently discerning between malevolent and harmless network packets. Our code and the dataset are made publicly available.
11
Mohamed, Nachaat. "Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework." F1000Research 11 (September 29, 2022): 422. http://dx.doi.org/10.12688/f1000research.109148.3.
Full textAbstract:
Background: Microsoft Windows Security is a recently implemented safeguard for the Windows operating systems, including the latest versions of Windows10 and 11. However, there is a major shortcoming in this system to stop Advanced Persistent Threat (APT). These are government-financed groups that are funded to attack other government entities. Following the initial security breach, the hacked Windows device is used to access the rest of the network devices in order to transfer data to external storage (Exfiltration). Methods: In this work, we have tested the Microsoft Windows Security system using MITRE CALDERA and ATT&CK frameworks and explain how APT groups are able to bypass Windows Security. Results: In this study we used "54ndc47" agent through GoLang feature in MITRE CALDERA platform to test and bypass Microsoft Windows Security systems (MS Windows 10). Through it, we were able to bypass the Windows Security system and display entire files in the victim's device. Conclusions: In this paper, we have provided recommendations to Microsoft to improve their Windows Security tool through the use of Artificial intelligence (AI).
12
Mohamed, Nachaat. "Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework." F1000Research 11 (May 25, 2022): 422. http://dx.doi.org/10.12688/f1000research.109148.2.
Full textAbstract:
Background: Microsoft Windows Security is a recently implemented safeguard for the Windows operating systems, including the latest versions of Windows10 and 11. However, there is a major shortcoming in this system to stop Advanced Persistent Threat (APT). These are government-financed groups that are funded to attack other government entities. Following the initial security breach, the hacked Windows device is used to access the rest of the network devices in order to transfer data to external storage (Exfiltration). Methods: In this work, we have tested the Microsoft Windows Security system using MITRE CALDERA and ATT&CK frameworks and explain how APT groups are able to bypass Windows Security. Results: In this study we used "54ndc47" agent through GoLang feature in MITRE CALDERA platform to test and bypass Microsoft Windows Security systems (MS Windows 10). Through it, we were able to bypass the Windows Security system and display entire files in the victim's device. Conclusions: In this paper, we have provided recommendations to Microsoft to improve their Windows Security tool through the use of Artificial intelligence (AI).
13
Mohamed, Nachaat. "Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework." F1000Research 11 (April 14, 2022): 422. http://dx.doi.org/10.12688/f1000research.109148.1.
Full textAbstract:
Background: Microsoft Windows Security is a recently implemented safeguard for the Windows operating systems, including the latest versions of Windows10 and 11. However, there is a major shortcoming in this system to stop Advanced Persistent Threat (APT). These are government-financed groups that are funded to attack other government entities. Following the initial security breach, the hacked Windows device is used to access the rest of the network devices in order to transfer data to external storage (Exfiltration). Methods: In this work, we have tested the Microsoft Windows Security system using MITRE CALDERA and ATT&CK frameworks and explain how APT groups are able to bypass Windows Security. Results: In this study we used "54ndc47" agent through GoLang feature in MITRE CALDERA platform to test and bypass Microsoft Windows Security systems (MS Windows 10). Through it, we were able to bypass the Windows Security system and display entire files in the victim's device. Conclusions: In this paper, we have provided recommendations to Microsoft to improve their Windows Security tool through the use of Artificial intelligence (AI).
14
Hagen, Raymond André, and Kirsi Helkala. "Complexity of Contemporary Indicators of Compromise." European Conference on Cyber Warfare and Security 23, no. 1 (June 21, 2024): 697–707. http://dx.doi.org/10.34190/eccws.23.1.2149.
Full textAbstract:
The cybersecurity landscape has undergone substantial transformation, especially in the sphere of Advanced Persistent Threats (APT). These evolving threats, marked by increased sophistication, scale, and impact, require the critical revaluation of traditional security models and the development of more advanced defensive strategies. This study offers a comprehensive analysis of the progress in APT attack methodologies over the past 30 years, focused on the evolving nature of compromise (IoCs) and their role in shaping future predictive and defensive mechanisms. Using a rigorous methodological approach, this survey systematically reviewed 21 significant APT incidents that span three decades. This includes integrating data from various sources such as academic journals, specialised cybersecurity blogs, and media reports. Using comparative and analytical methods, this study dissects each incident to provide an intricate understanding of the APT landscape and the evolution of IoCs. Our findings indicate a notable change in thinking from isolated hacker activities to organised state-sponsored APT operations driven by complex motives such as political espionage, economic disruption, and national security interests. Advancements in APTs are characterised by sophisticated persistence mechanisms, innovative attack vectors, advanced lateral movement within networks, and more covert data exfiltration and evasion methods.This study emphasises the difficulties in detecting advanced persistent threat (APT) activities due to their sophisticated and secretive nature. This stresses the importance of thoroughly investigating the evidence of such activities and highlights the need for a dynamic and initiative-cybersecurity approach. This study also highlights the crucial role of integrating IoC understanding into AI-driven predictive models and frameworks to predict potential APT. This integration is essential for the development of pre-emptive defence strategies. This study provides valuable information on the evolving dynamics of cyber threats and emphasises the urgent need for forward-thinking adaptive cybersecurity strategies. It offers a framework for understanding the complexities of modern APTs and guides the development of more effective AI-enhanced defence mechanisms against emerging cyber threats.
15
Sabir, Bushra, Faheem Ullah, M. Ali Babar, and Raj Gaire. "Machine Learning for Detecting Data Exfiltration." ACM Computing Surveys 54, no. 3 (June 2021): 1–47. http://dx.doi.org/10.1145/3442181.
Full textAbstract:
Context : Research at the intersection of cybersecurity, Machine Learning (ML), and Software Engineering (SE) has recently taken significant steps in proposing countermeasures for detecting sophisticated data exfiltration attacks. It is important to systematically review and synthesize the ML-based data exfiltration countermeasures for building a body of knowledge on this important topic. Objective : This article aims at systematically reviewing ML-based data exfiltration countermeasures to identify and classify ML approaches, feature engineering techniques, evaluation datasets, and performance metrics used for these countermeasures. This review also aims at identifying gaps in research on ML-based data exfiltration countermeasures. Method : We used Systematic Literature Review (SLR) method to select and review 92 papers. Results : The review has enabled us to: (a) classify the ML approaches used in the countermeasures into data-driven, and behavior-driven approaches; (b) categorize features into six types: behavioral, content-based, statistical, syntactical, spatial, and temporal; (c) classify the evaluation datasets into simulated, synthesized, and real datasets; and (d) identify 11 performance measures used by these studies. Conclusion : We conclude that: (i) The integration of data-driven and behavior-driven approaches should be explored; (ii) There is a need of developing high quality and large size evaluation datasets; (iii) Incremental ML model training should be incorporated in countermeasures; (iv) Resilience to adversarial learning should be considered and explored during the development of countermeasures to avoid poisoning attacks; and (v) The use of automated feature engineering should be encouraged for efficiently detecting data exfiltration attacks.
16
Wilson, PhD, Duane, and Jeff Avery. "Mitigating Data Exfiltration in SaaS Clouds." Journal of Business, Technology and Leadership 1, no. 1 (April 17, 2019): 9. http://dx.doi.org/10.54845/btljournal.v1i1.2.
Full textAbstract:
Existing processes and methods for incident handling are geared towards infrastructures and operational models that will be increasingly outdated by cloud computing. Research has shown that to adapt incident handling to cloud computing environments, cloud customers must establish clarity about their requirements on Cloud Service Providers (CSPs) for successful handling of incidents and contract CSPs accordingly. Secondly, CSPs must strive to support these requirements and mirror them in their Service Level Agreements. Intrusion Detection Systems (IDS) have been used widely to detect malicious behaviors in network communication and hosts. Facing new application scenarios in Cloud Computing, the IDS approaches yield several problems since the operator of the IDS should be the user, not the administrator of the Cloud infrastructure. Cloud providers need to enable possibilities to deploy and configure IDS for the user - which poses its own challenges. Current research and commercial solutions primarily focus on protecting against Denial of Service attacks and attacks against the Cloud’s virtual infrastructure. To counter these challenges, we propose a capability that aims to both detect and prevent the potential of data exfiltration by using a novel deception-based methodology. We also introduce a method of increasing the data protection level based on various threat conditions.
17
Willems, Daan, Katharina Kohls, Bob van der Kamp, and Harald Vranken. "Data Exfiltration Detection on Network Metadata with Autoencoders." Electronics 12, no. 12 (June 8, 2023): 2584. http://dx.doi.org/10.3390/electronics12122584.
Full textAbstract:
We designed a Network Exfiltration Detection System (NEDS) to detect data exfiltration as occurring in ransomware attacks. The NEDS operates on aggregated metadata, which is more privacy-friendly and allows analysis of large volumes of high-speed network traffic. The NEDS aggregates metadata from multiple, sequential sessions between pairs of hosts in a network, which captures exfiltration by both stateful and stateless protocols. The aggregated metadata include averages per session of both packet count, request entropy, duration, and payload size, as well as the average time between sequential sessions and the amount of aggregated sessions. The NEDS applies a number of autoencoder models with unsupervised learning to detect anomalies, where each autoencoder model targets different protocols. We trained the autoencoder models with real-life data collected at network sensors in the National Detection Network as operated by the National Cyber Security Centre in the Netherlands, and configured the detection threshold by varying the false positive rate. We evaluated the detection performance by injecting exfiltration over different channels, including DNS tunnels and uploads to FTP servers, web servers, and cloud storage. Our experimental results show that aggregation significantly increases detection performance of exfiltration that happens over longer time, most notably, DNS tunnels. Our NEDS can be applied to detect exfiltration either in near-real-time data analysis with limited false positive rates, or in captured data to aid in post-incident analysis.
18
Mundt, Michael, and Harald Baier. "Enabling Protection Against Data Exfiltration by Implementing ISO 27001:2022 Update." International Journal on Cybernetics & Informatics 12, no. 5 (August 12, 2023): 43–59. http://dx.doi.org/10.5121/ijci.2023.120505.
Full textAbstract:
The risk of data theft has increased significantly over the past years. As a consequence, overwhelming damage is caused to institutions and private persons, respectively. Even the widespread ISO standard 27001 was updated recently in October 2022 to integrate data exfiltration aspects. Corresponding new security controls have been introduced. In this paper we review the ISO 27001:2022 with respect to data exfiltration and come up with recommendations on how recently integrated ISO 27001:2022 controls can be used in an operational environment. Based on that, we introduce and demonstrate the effectiveness of a proactive and dynamic concept by integrating a simulation cycle into the Information Security Management System (ISMS) and using cyber threat intelligence to provide us with information about current threats. We provide a prototype for the threat simulation cycle based on a smart combination of established and widely accepted cyber defence tools. Within our evaluation we show the feasibility of our targeted and dynamically configurable simulation of data exfiltration threats and thus support to thwart the actual cyber-attacks in advance. In all we contribute to prevent (or at least make it significantly more difficult) the threat of data exfiltration. Dynamic, threat aware and preventive cyber-defence is our objective, and we provide an updated concept which integrates conclusively into an ISO 27001:2022 compliant ISMS.
19
Jabar, Farah H. A., Janatul Islah Mohammad, Ahmad Faizal Mohd Zain, and Abu Bakar Hasan. "Data Exfiltration of Ultrasonic Signal in Computer Security System: A Review." Indonesian Journal of Electrical Engineering and Computer Science 10, no. 2 (May 1, 2018): 490. http://dx.doi.org/10.11591/ijeecs.v10.i2.pp490-497.
Full textAbstract:
It is crucial for public users and service providers to stay abreast of the progress and trends on data exfiltration in computer security system. In cryptosystem, it is unnoticeable for computer and mobile users to realize that inaudible sound used to transmit signals carrying pervasive sensitive data was in the low frequency ultrasonic range. Acoustic attacks on ultrasonic signal emanated by electronic devices have long been investigated among researchers. This paper is an exploration on the practicality of ultrasonic data exfiltration between computers in term of computer security system. It will discuss some work done by previous researchers in general, based on scientific, technological, and security perspectives. There will be inclusions of practical applications already in existence as well as future studies in related fields.
20
Masters, Andrew, and Vijay K. Madisetti. "Side-Channel Attacks & Data Exfiltration Using Wall Outlet USB Power Adapters." Journal of Information Security 15, no. 04 (2024): 433–47. http://dx.doi.org/10.4236/jis.2024.154025.
Full text
21
Abualghanam, Orieb, Hadeel Alazzam, Basima Elshqeirat, Mohammad Qatawneh, and Mohammed Amin Almaiah. "Real-Time Detection System for Data Exfiltration over DNS Tunneling Using Machine Learning." Electronics 12, no. 6 (March 20, 2023): 1467. http://dx.doi.org/10.3390/electronics12061467.
Full textAbstract:
The domain name system (DNS) plays a vital role in network services for name resolution. By default, this service is seldom blocked by security solutions. Thus, it has been exploited for security breaches using the DNS covert channel (tunnel). One of the greatest current data leakage techniques is DNS tunneling, which uses DNS packets to exfiltrate sensitive and confidential data. Data protection against stealthy exfiltration attacks is critical for human beings and organizations. As a result, many security techniques have been proposed to address exfiltration attacks starting with building security policies and ending with designing security solutions, such as firewalls, intrusion detection or prevention, and others. In this paper, a hybrid DNS tunneling detection system has been proposed based on the packet length and selected features for the network traffic. The proposed system takes advantage of the outcome results conducted using the testbed and Tabu-PIO feature selection algorithm. The evolution of the proposed system has already been completed using three distinct datasets. The experimental outcome results show that the proposed hybrid approach achieved 98.3% accuracy and a 97.6% F-score in the DNS tunneling datasets, which outperforms the other related works’ techniques using the same datasets. Moreover, when the packet length was added into the hybrid approach, the run-time shows better results than when Tabu-PIO was used when the size of the data increases.
22
Al-Kadhimi, Amjed Ahmed, Manmeet Mahinderjit Singh, and Mohd Nor Akmal Khalid. "A Systematic Literature Review and a Conceptual Framework Proposition for Advanced Persistent Threats (APT) Detection for Mobile Devices Using Artificial Intelligence Techniques." Applied Sciences 13, no. 14 (July 10, 2023): 8056. http://dx.doi.org/10.3390/app13148056.
Full textAbstract:
Advanced persistent threat (APT) refers to a specific form of targeted attack used by a well-organized and skilled adversary to remain undetected while systematically and continuously exfiltrating sensitive data. Various APT attack vectors exist, including social engineering techniques such as spear phishing, watering holes, SQL injection, and application repackaging. Various sensors and services are essential for a smartphone to assist in user behavior that involves sensitive information. Resultantly, smartphones have become the main target of APT attacks. Due to the vulnerability of smartphone sensors, several challenges have emerged, including the inadequacy of current methods for detecting APTs. Nevertheless, several existing APT solutions, strategies, and implementations have failed to provide comprehensive solutions. Detecting APT attacks remains challenging due to the lack of attention given to human behavioral factors contributing to APTs, the ambiguity of APT attack trails, and the absence of a clear attack fingerprint. In addition, there is a lack of studies using game theory or fuzzy logic as an artificial intelligence (AI) strategy for detecting APT attacks on smartphone sensors, besides the limited understanding of the attack that may be employed due to the complex nature of APT attacks. Accordingly, this study aimed to deliver a systematic review to report on the extant research concerning APT detection for mobile sensors, applications, and user behavior. The study presents an overview of works performed between 2012 and 2023. In total, 1351 papers were reviewed during the primary search. Subsequently, these papers were processed according to their titles, abstracts, and contents. The resulting papers were selected to address the research questions. A conceptual framework is proposed to incorporate the situational awareness model in line with adopting game theory as an AI technique used to generate APT-based tactics, techniques, and procedures (TTPs) and normal TTPs and cognitive decision making. This framework enhances security awareness and facilitates the detection of APT attacks on smartphone sensors, applications, and user behavior. It supports researchers in exploring the most significant papers on APTs related to mobile sensors, services, applications, and detection techniques using AI.
23
Hakim, Arif Rahman, Kalamullah Ramli, Muhammad Salman, and Esti Rahmawati Agustina. "Improving Model Performance for Predicting Exfiltration Attacks Through Resampling Strategies." IIUM Engineering Journal 26, no. 1 (January 10, 2025): 420–36. https://doi.org/10.31436/iiumej.v26i1.3547.
Full textAbstract:
Addressing class imbalance is critical in cybersecurity applications, particularly in scenarios like exfiltration detection, where skewed datasets lead to biased predictions and poor generalization for minority classes. This study investigates five Synthetic Minority Oversampling Technique (SMOTE) variants, including BorderlineSMOTE, KMeansSMOTE, SMOTEENC, SMOTEENN, and SMOTETomek, to mitigate severe imbalance in our customized tactic-labeled dataset with dominant majority class influence and weak class separability class imbalance. We use seven imbalance metrics to assess each SMOTE variant’s impact on class distribution stability and separability. Furthermore, we evaluate model performance across five classifiers: Logistic Regression, Naïve Bayes, Support Vector Machine, Random Forest, and XGBoost. Findings reveal that SMOTEENN consistently enhances performance metrics (accuracy, precision, recall, F1-score, and geometric mean) on an average of 99% across most classifiers, establishing itself as the most adaptable variant for handling imbalance. This study provides a comprehensive framework for selecting resampling strategies to enhance classification efficacy in cybersecurity tasks with imbalanced data.
24
Li, Richard, and Michail Tsikerdekis. "Hourly Network Anomaly Detection on HTTP Using Exponential Random Graph Models and Autoregressive Moving Average." Journal of Cybersecurity and Privacy 3, no. 3 (August 1, 2023): 435–50. http://dx.doi.org/10.3390/jcp3030022.
Full textAbstract:
Network anomaly detection solutions can analyze a network’s data volume by protocol over time and can detect many kinds of cyberattacks such as exfiltration. We use exponential random graph models (ERGMs) in order to flatten hourly network topological characteristics into a time series, and Autoregressive Moving Average (ARMA) to analyze that time series and to detect potential attacks. In particular, we extend our previous method in not only demonstrating detection over hourly data but also through labeling of nodes and over the HTTP protocol. We demonstrate the effectiveness of our method using real-world data for creating exfiltration scenarios. We highlight how our method has the potential to provide a useful description of what is happening in the network structure and how this can assist cybersecurity analysts in making better decisions in conjunction with existing intrusion detection systems. Finally, we describe some strengths of our method, its accuracy based on the right selection of parameters, as well as its low computational requirements.
25
Antić, Vladimir, Danijela Protić, Miomir Stanković, Radomir Prodanović, Miodrag Manić, Gordana Ostojić, Stevan Stankovski, and Denis Kučević. "Protecting Data at Risk of Unintentional Electromagnetic Emanation: TEMPEST Profiling." Applied Sciences 14, no. 11 (June 3, 2024): 4830. http://dx.doi.org/10.3390/app14114830.
Full textAbstract:
Unintentional electromagnetic (EM) emissions often include information about the data processed by electronic devices. Intrusion based on an unintentional EM emission leaves no evidence of an attacker’s activity, while the data owner is unaware that it has been lost. EM attacks can be performed without physically damaging a device that operates regularly. The most typical intrusion activities involve sensitive data exfiltration using various methods that do not require the physical connection of devices to the computer network or communication channels. This research examines EM emissions from computer monitors, wireless keyboards and mice, printers, scanners, conductors, piezoelectric sensors (PES), and radio frequency identification (RFID) devices. The telecommunication electronics material protected from emanating spurious transmissions (TEMPEST) profiling as a performance engineering of the EM footprint is discussed. This study also presents different TEMPEST standards and highlights their importance concerning unintentional EM radiation.
26
Karthikeyan, Swathi Priya. "Rising Threat of AI-Driven Cybersecurity Attacks: Implications for National Security." International Journal for Research in Applied Science and Engineering Technology 12, no. 9 (September 30, 2024): 756–62. http://dx.doi.org/10.22214/ijraset.2024.64042.
Full textAbstract:
This article examines the growing threat of AI-driven cybersecurity attacks and their implications for national security. It explores three critical case studies: the SolarWinds hack, which demonstrated AI-enhanced data exfiltration; DeepLocker, an AI-powered malware concept showcasing precision targeting capabilities; and AI-enhanced disinformation campaigns. These examples illustrate how artificial intelligence is weaponized in cyberspace, presenting unprecedented challenges to national security. The article analyzes the key features, potential impacts, and lessons learned from each case, highlighting the urgent need for adaptive defense strategies, international cooperation, and ethical AI development practices to safeguard national interests in the digital age.
27
Chignell, Mark H., Mu-Huan Chung, Yuhong Yang, Greg Cento, and Abhay Raman. "Human Factors in Interactive Machine Learning: A Cybersecurity Case Study." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 65, no. 1 (September 2021): 1495–99. http://dx.doi.org/10.1177/1071181321651206.
Full textAbstract:
Cybersecurity is emerging as a major issue for many organizations and countries. Machine learning has been used to recognize threats, but it is difficult to predict future threats based on past events, since malicious attackers are constantly finding ways to circumvent defences and the algorithms that they rely on. Interactive Machine learning (iML) has been developed as a way to combine human and algorithmic expertise in a variety of domains and we are currently applying it to cybersecurity. In this application of iML, implicit knowledge about human behaviour, and about the changing nature of threats, can supplement the explicit knowledge encoded in algorithms to create more effective defences against cyber-attacks. In this paper we present the example problem of data exfiltration where insiders, or outsiders masquerading as insiders, who copy and transfer data maliciously, against the interests of an organization. We will review human factors issues associated with the development of iML solutions for data exfiltration. We also present a case study involving development of an iML solution for a large financial services company. In this case study we review work carried out on developing visualization dashboards and discussing prospects for further iML integration. Our goal in writing this paper is to motivate future researchers to consider the role of the human more fully in ML, not only in the data exfiltration and cybersecurity domain but also in a range of other applications where human expertise is important and needs to combine with ML prediction to solve challenging problems.
28
Salat, Lehel, Mastaneh Davis, and Nabeel Khan. "DNS Tunnelling, Exfiltration and Detection over Cloud Environments." Sensors 23, no. 5 (March 2, 2023): 2760. http://dx.doi.org/10.3390/s23052760.
Full textAbstract:
The domain name system (DNS) protocol is fundamental to the operation of the internet, however, in recent years various methodologies have been developed that enable DNS attacks on organisations. In the last few years, the increased use of cloud services by organisations has created further security challenges as cyber criminals use numerous methodologies to exploit cloud services, configurations and the DNS protocol. In this paper, two different DNS tunnelling methods, Iodine and DNScat, have been conducted in the cloud environment (Google and AWS) and positive results of exfiltration have been achieved under different firewall configurations. Detection of malicious use of DNS protocol can be a challenge for organisations with limited cybersecurity support and expertise. In this study, various DNS tunnelling detection techniques were utilised in a cloud environment to create an effective monitoring system with a reliable detection rate, low implementation cost, and ease of use for organisations with limited detection capabilities. The Elastic stack (an open-source framework) was used to configure a DNS monitoring system and to analyse the collected DNS logs. Furthermore, payload and traffic analysis techniques were implemented to identify different tunnelling methods. This cloud-based monitoring system offers various detection techniques that can be used for monitoring DNS activities of any network especially accessible to small organisations. Moreover, the Elastic stack is open-source and it has no limitation with regards to the data that can be uploaded daily.
29
Ivanova, Vanya, Tasho Tashev, and Ivo Draganov. "Detection of IoT based DDoS Attacks by Network Traffic Analysis using Feedforward Neural Networks." International Journal of Circuits, Systems and Signal Processing 16 (January 15, 2022): 653–62. http://dx.doi.org/10.46300/9106.2022.16.81.
Full textAbstract:
In this paper an optimized feedforward neural network model is proposed for detection of IoT based DDoS attacks by network traffic analysis aimed towards a specific target which could be constantly monitored by a tap. The proposed model is applicable for DoS and DDoS attacks which consist of TCP, UDP and HTTP flood and also against keylogging, data exfiltration, OS fingerprint and service scan activities. It simply differentiates such kind of network traffic from normal network flows. The neural network uses Adam optimization as a solver and the hyperbolic tangent activation function in all neurons from a single hidden layer. The number of hidden neurons could be varied, depending on targeted accuracy and processing speed. Testing over the Bot IoT dataset reveals that developed models are applicable using 8 or 10 features and achieved discrimination error of 4.91.10-3%.
30
Biberaj, Aleksander, Enida Sheme, Alban Rakipi, Sonila Xhaferllari, Renalda Kushe, and Mirjeta Alinci. "Cyber Attack Against E-Albania and Its Social, Economic and Strategic Effects." Journal of Corporate Governance, Insurance, and Risk Management 9, no. 2 (December 31, 2022): 341–47. http://dx.doi.org/10.56578/jcgirm090204.
Full textAbstract:
Purpose: During last years, even because of pandemic situation caused by covid-19 virus, in Albania most of governmental public services for citizens, businesses and other customers were offered in an electronic way by creating a national database (e-Albania), offering more than 2200 services. As this electronic system was newly implemented, time after time it was attacked from hackers in different sectors of services, causing the interruption of service for hours, downloading all the confidential information and publishing them. After several partial attacks, in July 2022 came the general attack of the whole system, which black out the system and services for several days. Cyber actors - identifying as “HomeLand Justice” - launched a destructive cyber-attack against e-Albania which rendered websites and services unavailable. An investigation indicates cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber-attack, which included a ransomware-style file encryptor and disk wiping malware. The actors maintained continuous network access for approximately a year, periodically accessing and exfiltrating e-mail content. From late July to mid-August 2022, social media accounts associated with HomeLand Justice demonstrated a repeated pattern of advertising Albanian Government information for release, posting a poll asking respondents to select the government information to be released by HomeLand Justice, and then releasing that information - either in a .zip file or a video of a screen recording with the documents shown. This cyber-attack creates social problems, economical loss and influenced negatively in the reputation of e-Albania and damage as well strategically the country and development of this sector in the future. Methodology: We have monitored the system and the attack, and we continue to do this. We analyze and synthesis the data collected, to come to conclusions and recommendations needed for the future. All the data which we have used are open for public, and mostly are primary data. The research method combines both quantitative and qualitative methods, but it is closer with qualitative method, as far as there in not enough data for using e pure quantitative analysis. We have used mostly the descriptive method. Results/Findings: Improving essentially the cyber infrastructure to avoid in the future such attacks with high social, economic and strategical cost. Conclusions: In the institution there was not a team for Cyber Security Monitoring the system, so called SOC (Security Operation Center), who controls in the real time all the logins. It was missing as well so called “Identifying Behavior”. There was not e separation of active directory, in physic machines and virtual machines, they were altogether. As the administrator had Full Right Privilege, the hacker doesn’t need to create a Privilege Escalation Vertical, so he easily took all the right of Admin. Originality and Practical Implications: The paper is original; it has not been previously published and it is not under consideration by any other publisher. The originality of the method stands in the fact that it is the first case in the world in information age, that a country (a whole electronic system, e-Albania), face a such complex, well organized and hard cyber-attack, which collapse the system for several days. All the data are authentic ones.
31
S. Shangavi and Dr. T. Suresh Kumar. "A Covert Timing Channels Data Encryption Sceme In Cloud Simulation." South Asian Journal of Engineering and Technology 14, no. 2 (April 30, 2024): 7–10. http://dx.doi.org/10.26524/sajet.2023.14.3.
Full textAbstract:
Covert Timing Channels (CTC) have become an impending network security problem as the sophistication and use of data exfiltration carried out by cyber-attacks has increased. Inter-arrival periods are used by these channels to steal sensitive data from targeted networks. Machine learning approaches are increasingly being used to detect CTCs, which use statistical-based measures to distinguish malicious (covert) traffic flows from genuine (overt) traffic flows. Given the attempts of cyber-attacks to elude detection and the expanding column of CTCs, covert channels detection must increase in both performance and precision in order to detect and prevent CTCs, as well as reduce the quality of service degradation caused by the detection process. We provide a new image-based method for fully autonomous vehicles in this research. Our strategy is based on the fact that covert channels provide communications that can be transformed into colored visuals. Our approach is based on this observation and is meant to detect and find the malicious part (i.e., a sequence of packets) within a traffic flow automatically. Our technique lowers the drop in service quality caused by blocking complete traffic flows in which hidden channels are found by finding the covert components within traffic flows. To detect covert traffic, we first convert traffic flows into colored images and then extract image-based attributes. We use these attributes to train a classifier on a huge dataset of covert and overt traffic. We use these attributes to train a classifier on a huge dataset of covert and overt traffic. This method achieves remarkable results, with a detection accuracy of 95.83 percent for cautious CTCs and a covert traffic accuracy of 97.83 percent for 8-bit covert messages, much above the capabilities of commonly used statistical-based solutions.
32
Ghali, Abdulrahman Aminu, Rohiza Ahmad, and Hitham Alhussian. "A Framework for Mitigating DDoS and DOS Attacks in IoT Environment Using Hybrid Approach." Electronics 10, no. 11 (May 27, 2021): 1282. http://dx.doi.org/10.3390/electronics10111282.
Full textAbstract:
The Internet of Things (IoT) has gained remarkable acceptance from millions of individuals. This is evident in the extensive use of intelligent devices such as smartphones, smart television, speakers, air conditioning, lighting, and high-speed networks. The general application area of IoT includes industries, hospitals, schools, homes, sports, oil and gas, automobile, and entertainment, to mention a few. However, because of the unbounded connection of IoT devices and the lack of a specific method for overseeing communication, security concerns such as distributed denial of service (DDoS), denial of service (DoS), replay, botnet, social engineering, man-in-the-middle, and brute force attacks have posed enormous challenges in the IoT environment. Regarding these enormous challenges, this study focuses on DDoS and DoS attacks. These two attacks have the most severe consequences in the IoT environment. The solution proposed in this study can also help future researchers tackle the expansion of IoT security threats. Moreover, the study conducts rigorous experiments to assess the efficiency of the proposed approach. In summary, the experimental results show that the proposed hybrid approach mitigates data exfiltration caused by DDoS and DoS attacks by 95.4%, with average network lifetime, energy consumption, and throughput improvements of 15%, 25%, and 60%, respectively.
33
Alazzam, Hadeel, Aryaf Al-Adwan, Orieb Abualghanam, Esra’a Alhenawi, and Abdulsalam Alsmady. "An Improved Binary Owl Feature Selection in the Context of Android Malware Detection." Computers 11, no. 12 (November 30, 2022): 173. http://dx.doi.org/10.3390/computers11120173.
Full textAbstract:
Recently, the proliferation of smartphones, tablets, and smartwatches has raised security concerns from researchers. Android-based mobile devices are considered a dominant operating system. The open-source nature of this platform makes it a good target for malware attacks that result in both data exfiltration and property loss. To handle the security issues of mobile malware attacks, researchers proposed novel algorithms and detection approaches. However, there is no standard dataset used by researchers to make a fair evaluation. Most of the research datasets were collected from the Play Store or collected randomly from public datasets such as the DREBIN dataset. In this paper, a wrapper-based approach for Android malware detection has been proposed. The proposed wrapper consists of a newly modified binary Owl optimizer and a random forest classifier. The proposed approach was evaluated using standard data splits given by the DREBIN dataset in terms of accuracy, precision, recall, false-positive rate, and F1-score. The proposed approach reaches 98.84% and 86.34% for accuracy and F-score, respectively. Furthermore, it outperforms several related approaches from the literature in terms of accuracy, precision, and recall.
34
Vetter, Michael. "MODEL-BASED SECURITY ANALYSIS OF FPGA DESIGNS THROUGH REINFORCEMENT LEARNING." Acta Polytechnica 59, no. 5 (November 1, 2019): 518–26. http://dx.doi.org/10.14311/ap.2019.59.0518.
Full textAbstract:
Finding potential security weaknesses in any complex IT system is an important and often challenging task best started in the early stages of the development process. We present a method that transforms this task for FPGA designs into a reinforcement learning (RL) problem. This paper introduces a method to generate a Markov Decision Process based RL model from a formal, high-level system description (formulated in the domain-specific language) of the system under review and different, quantified assumptions about the system’s security. Probabilistic transitions and the reward function can be used to model the varying resilience of different elements against attacks and the capabilities of an attacker. This information is then used to determine a plausible data exfiltration strategy. An example with multiple scenarios illustrates the workflow. A discussion of supplementary techniques like hierarchical learning and deep neural networks concludes this paper.
35
Yu, Jiyong, Mengjia Yan, Artem Khyzha, Adam Morrison, Josep Torrellas, and Christopher W. Fletcher. "Speculative taint tracking (STT)." Communications of the ACM 64, no. 12 (December 2021): 105–12. http://dx.doi.org/10.1145/3491201.
Full textAbstract:
Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. This paper proposes speculative taint tracking (STT), a high security and high performance hardware mechanism to block these attacks. The main idea is that it is safe to execute and selectively forward the results of speculative instructions that read secrets, as long as we can prove that the forwarded results do not reach potential covert channels. The technical core of the paper is a new abstraction to help identify all micro-architectural covert channels, and an architecture to quickly identify when a covert channel is no longer a threat. We further conduct a detailed formal analysis on the scheme in a companion document. When evaluated on SPEC06 workloads, STT incurs 8.5% or 14.5% performance overhead relative to an insecure machine.
36
Fakiha, Bandr Siraj. "Forensic analysis of bad USB attacks: A methodology for detecting and mitigating malicious USB device activities." Edelweiss Applied Science and Technology 8, no. 5 (September 19, 2024): 1090–100. http://dx.doi.org/10.55214/25768484.v8i5.1809.
Full textAbstract:
BadUSB is one of the most dangerous cybersecurity threats, given that it uses the firmware of USB devices to perform various undetectable actions with numerous tools. This research aims to evaluate the efficiency of different forensic approaches, such as signature-based detection, behavioral analysis, and the machine learning (ML) approach, in detecting and analyzing BadUSB attacks. Experiments were conducted with preconfigured USB peripherals to perform keystroke injection, data exfiltration, malware delivery, and network traffic manipulation. The analysis shows that the behavioral analysis and the ML-based methods show high detection accuracy and low false positives. Machine learning detection is the most efficient method. Behavioral analysis had higher accuracy in detecting abnormal device behavior but had a longer detection time than the ML methods. This research beneficently addresses the issues and challenges in the field of digital forensics and calls for further improvement in the detection methods. It proposes ways to implement these methods within the existing cybersecurity models. Future studies should focus on the best approaches to fine-tune these techniques, diversify datasets for machine learning detection methods, and advance methodologies in forensics to accommodate new generations of technologies like the Internet of Things and cloud systems.
37
Haytham.B. Alaboodi. "Challenges and Recommendations for Improving Blockchain-Based Bank Transfer Security in 5G IoT Applications." Journal of Electrical Systems 20, no. 11s (November 16, 2024): 1642–52. https://doi.org/10.52783/jes.7559.
Full textAbstract:
Blockchain technology in 5G IoT applications may improve security and efficiency. This paper examines blockchain-based bank transfer security problems and solutions for IoT applications. The security improvement framework we propose uses modern cryptographic algorithms and efficient consensus procedures for 5G-enabled IoT devices. Simulations show a 35% increase in transaction validation speed, from 2.3 seconds to 1.5 seconds. The framework also reduces energy usage per transaction by 42%, making it better for resource-constrained IoT devices. Bank transfer security indicators including fraud detection accuracy and data integrity increased 28% and 22%, respectively. A standardized threat simulation environment shows that the suggested architecture boosts DDoS resistance by 30%. Scalability, interoperability, and regulatory compliance remain issues despite these advances. This article suggests adaptive scaling algorithms, cross-platform integration solutions, and a compliance roadmap. The suggested methods seek to improve bank transfer security in 5G-enabled IoT environments and promote blockchain technology. It also raises awareness about vulnerabilities in IoT networks, including DDoS attacks and man-in-the-middle attacks, and the risks associated with reliance on third-party service providers. The study focuses on designing complete and adjustable protection for secure IoT and sensor networks, with the network layer sending digital information to the IoT system's server, the internet layer acting as a gateway between computers, and the application layer processing information displayed in the user interface. The paper investigates stealthy data exfiltration on IoT and presents a realistic assault approach and potential implementation strategy. The need for collaboration among enterprises, governments, and network operators is discussed, along with the need for standardized security standards, measures like end-to-end encryption and network segmentation, and education and awareness campaigns to address security concerns. The study explores the vulnerability of IoT devices to attacks, focusing on wireless protocols like Bluetooth and Zigbee. Researchers used two samples of smart light bulbs to analyze their light intensity, revealing that patterns can be seen in a single color at all times. Cross-domain attacks, such as clock mute and clock split attacks, are demonstrated using the I2C master-slave interface. The ADobf method, an obfuscated Trojan detection method, is introduced to mitigate clock attacks in I2C communication. Experimental results were evaluated using Verilog HDL and 45nm FreePDK technology. Finally, this work also explores the security risks posed by IoT devices in both civil and industrial applications, identifying protocol flaws and proposing solutions for analog-based hardware Trojans (HT) activity. The authors use Bluetooth low-energy protocols of smart bulbs to covertly exfiltrate data in conversationally secure air-gapped networks, using the GATT and General Access Profile layers of the protocol hierarchy to implement covert data channels and control the device.
38
Anam, Fahri Choirul, Gusti Made Arya Sasmita, and I. Putu Agus Eka Pratama. "Implementation of Security Information and Event Management (SIEM) for Monitoring IT Assets Using Alienvault OSSIM (Case Study: Udayana University Information Resources Unit)." JITTER : Jurnal Ilmiah Teknologi dan Komputer 4, no. 3 (November 19, 2023): 1956. http://dx.doi.org/10.24843/jtrti.2023.v04.i03.p03.
Full textAbstract:
One way that can be done to analyze cyber security equipment is by monitoring the logs it generates. Meanwhile, to be able to analyze the logs generated from each equipment requires a long time and has a high level of difficulty. When the management of the cyber security system is not going right, it causes the failure of the cyber security system. So a defense mechanism is needed on managing the log called Security Information and Event Management (SIEM) using Alienvault OSSIM tools. Threat Monitoring or monitoring of security threats in the Cyber world, is used to analyze, evaluate, and monitor network threats and as an end point for organizations to provide evidence of security threats, such as network intrusions, data exfiltration, ransomware and other malware attacks. The limitations of the problems carried out in this study were limited to Threat Monitoring using Alienvault OSSIM. There are 6 servers at the Udayana University Information Resources Unit (USDI) that are being monitored. Monitoring was carried out for 3 months. There were 230,622 Events or events that were collected as a whole. IT assets that have the most logs during monitoring are owned by DNS Servers with a total of 200,424 Events. There are 11 Event Names and 34 event logs that are discussed. The log is packaged in the form of a report along with an explanation, of course it can assist administrators in evaluating their IT assets. There is also an email notification feature using Gmail. Overall there are no attacks that are so significant with the low risk category. Alienvault OSSIM is proven to be able to carry out monitoring processes in real time properly and can help USDI to monitor the activities of its IT assets.
39
Chinedu Jude Nzekwe and Christopher J Ozurumba. "Advanced modelling techniques for anomaly detection: A proactive approach to database breach mitigation." International Journal of Science and Research Archive 13, no. 2 (December 30, 2024): 2839–909. https://doi.org/10.30574/ijsra.2024.13.2.2511.
Full textAbstract:
The increasing sophistication of cyber threats necessitates advanced approaches to database protection, with anomaly detection emerging as a cornerstone of modern cybersecurity strategies. This paper delves into cutting-edge modelling techniques, such as neural networks and Bayesian inference, for identifying anomalies in database environments. These techniques enhance the detection of malicious activities, including SQL injection attacks, unauthorized access, and data exfiltration attempts, which traditional rule-based systems often fail to capture. Neural networks, with their ability to analyse complex patterns in large datasets, enable the identification of subtle deviations indicative of potential threats. Coupled with Bayesian inference, which calculates the probability of anomalous events based on prior knowledge, these techniques provide a robust framework for detecting irregularities in real-time. Together, they offer superior performance in distinguishing genuine threats from benign anomalies, reducing false positives and improving response times. This study also explores the synergy between advanced anomaly detection methods and existing database protection measures, such as encryption and access control. By integrating these techniques into real-time monitoring systems, organizations can create comprehensive security architectures capable of adapting to evolving threats. Case studies from industries such as finance, healthcare, and e-commerce illustrate the practical benefits of this approach, showcasing enhanced breach mitigation and minimized data loss. The paper concludes by emphasizing the necessity of adopting proactive, analytics-driven solutions in database security. Advanced modelling techniques not only improve threat detection and response capabilities but also strengthen the overall resilience of database systems in an increasingly complex cyber landscape.
40
Martins, Cláudio, and Ibéria Medeiros. "Generating Quality Threat Intelligence Leveraging OSINT and a Cyber Threat Unified Taxonomy." ACM Transactions on Privacy and Security 25, no. 3 (August 31, 2022): 1–39. http://dx.doi.org/10.1145/3530977.
Full textAbstract:
Today’s threats use multiple means of propagation, such as social engineering, email, and application vulnerabilities, and often operate in different phases, such as single device compromise, lateral network movement, and data exfiltration. These complex threats rely on advanced persistent threats supported by well-advanced tactics for appearing unknown to traditional security defenses. As organizations realize that attacks are increasing in size and complexity, cyber threat intelligence (TI) is growing in popularity and use. This trend followed the evolution of advanced persistent threats, as they require a different level of response that is more specific to the organization. TI can be obtained via many formats, with open-source intelligence one of the most common, and using threat intelligence platforms (TIPs) that aid organizations to consume, produce, and share TI. TIPs have multiple advantages that enable organizations to quickly bootstrap the core processes of collecting, analyzing, and sharing threat-related information. However, current TIPs have some limitations that prevent their mass adoption. This article proposes AECCP, a platform that addresses some of the TIPs limitations. AECCP improves quality TI by classifying it accordingly a single unified taxonomy , removing the information with low value, enriching it with valuable information from open-source intelligence sources, and aggregating it for complementing information associated with the same threat. AECCP was validated and evaluated with three datasets of events and compared with two other platforms, showing that it can generate quality TI automatically and help security analysts analyze security incidents in less time.
41
Anbalagan, E., Dr P. S. V. Srinivasa Rao, Dr Amarendra Alluri, Dr D. Nageswari, and Dr R. Kalaivani. "Improving Intrusion Detection using Satin Bowerbird Optimization with Deep Learning Model for IIoT Environment." International Journal of Electrical and Electronics Research 12, no. 1 (March 20, 2024): 219–27. http://dx.doi.org/10.37391/ijeer.120131.
Full textAbstract:
Intrusion Detection in the Industrial Internet of Things (IIoT) concentrations on the security and safety of critical structures and industrial developments. IIoT extends IoT principles to industrial environments, but linked sensors and devices can be deployed for monitoring, automation, and control of manufacturing, energy, and other critical systems. Intrusion detection systems (IDS) in IoT drive to monitor network traffic, device behavior, and system anomalies for detecting and responding to security breaches. These IDS solutions exploit a range of systems comprising signature-based detection, anomaly detection, machine learning (ML), and behavioral analysis, for identifying suspicious actions like device tampering, unauthorized access, data exfiltration, and denial-of-service (DoS) attacks. This study presents an Improving Intrusion Detection using Satin Bowerbird Optimization with Deep Learning (IID-SBODL) model for IIoT Environment. The IID-SBODL technique initially preprocesses the input data for compatibility. Next, the IID-SBODL technique applies Echo State Network (ESN) model for effectual recognition and classification of the intrusions. Finally, the SBO algorithm optimizes the configuration of the ESN, boosting its capability for precise identification of anomalies and significant security breaches within IIoT networks. By widespread simulation evaluation, the experimental results pointed out that the IID-SBODL technique reaches maximum detection rate and improves the security of the IIoT environment. Through comprehensive experimentation on both UNSW-NB15 and UCI SECOM datasets, the model exhibited exceptional performance, achieving an average accuracy of 99.55% and 98.87%, precision of 98.90% and 98.93%, recall of 98.87% and 98.80%, and F-score of 98.88% and 98.87% for the respective datasets. The IID-SBODL model contributes to the development of robust intrusion detection mechanisms for safeguarding critical industrial processes in the era of interconnected and smart IIoT environments.
42
Mundt, Michael, and Harald Baier. "Threat-based Simulation of Data Exfiltration Towards Mitigating Multiple Ransomware Extortions." Digital Threats: Research and Practice, October 29, 2022. http://dx.doi.org/10.1145/3568993.
Full textAbstract:
Network-based attacks and their mitigation are of increasing importance in our ever-connected world. Often network-based attacks address valuable data, which the attacker either encrypts to extort ransom or steals to make money reselling, or both. After the infamous WannaCry and NotPetya ransomware attacks in 2017, companies stepped up their cyber defenses. More emphasis was placed on backup and recovery processes so that even when files were destroyed, organizations had copies for quick recovery. However, cyber criminals have also adapted their methods. Instead of simply encrypting files, double extortion ransomware now exfiltrates the data first, before encrypting it. As a consequence the early detection and prevention of data exfiltration is one of today’s major challenges of institutions connected to the Internet. If attempts to illegal data exfiltration are successfully detected, the attacked institution should address a probable subsequent encryption attack step, too. In particular, valuable business assets must be checked for unauthorized access and need to be protected. However, due to the bulk of network traffic and persistent data, automation is a key requirement to successfully defend contemporary threats. The main goal of this article is to present a concept and its initial evaluation to achieve automation of data exfiltration mitigation in a targeted manner. Our concept consists of two main steps. Based on recognized international approaches used in Cyber Threat Intelligence (CTI), an automatic procedure on base of the MITRE ATT&CK framework for deriving current threats with respect to data exfiltration is presented in the first place. In the spirit of the DTRAP forum, a practical approach is chosen in addition to the theory in this manner. Our evaluation reveals that we are able to automatically identify the most relevant recent risks of unauthorized data exfiltration. In our second step we present the design of a simulation gear based on the attacks extracted from the MITRE ATT&CK framework. The aim is to simulate the greatest threats before they actually occur in the operational environment. The strict focus on the threats of data exfiltration characterizes our solution and makes our approach an ideal addition to existing solutions. We provide an evaluation of this initial simulation concept and its underlying technology for the implementation to show that we are on the right track.
43
Leevy, Joffrey L., John Hancock, Taghi M. Khoshgoftaar, and Jared M. Peterson. "IoT information theft prediction using ensemble feature selection." Journal of Big Data 9, no. 1 (January 6, 2022). http://dx.doi.org/10.1186/s40537-021-00558-z.
Full textAbstract:
AbstractThe recent years have seen a proliferation of Internet of Things (IoT) devices and an associated security risk from an increasing volume of malicious traffic worldwide. For this reason, datasets such as Bot-IoT were created to train machine learning classifiers to identify attack traffic in IoT networks. In this study, we build predictive models with Bot-IoT to detect attacks represented by dataset instances from the Information Theft category, as well as dataset instances from the data exfiltration and keylogging subcategories. Our contribution is centered on the evaluation of ensemble feature selection techniques (FSTs) on classification performance for these specific attack instances. A group or ensemble of FSTs will often perform better than the best individual technique. The classifiers that we use are a diverse set of four ensemble learners (Light GBM, CatBoost, XGBoost, and random forest (RF)) and four non-ensemble learners (logistic regression (LR), decision tree (DT), Naive Bayes (NB), and a multi-layer perceptron (MLP)). The metrics used for evaluating classification performance are area under the receiver operating characteristic curve (AUC) and Area Under the precision-recall curve (AUPRC). For the most part, we determined that our ensemble FSTs do not affect classification performance but are beneficial because feature reduction eases computational burden and provides insight through improved data visualization.
44
Jian Malik Hidayat, Herri Setiawan, and Tasmi. "ANALISA MALWARE PADA TRAFFIC JARINGAN BERBASIS POLA LALU LINTAS DATA MENGGUNAKAN METODE ANOMALY." PROSIDING SNAST, November 23, 2024, E250–258. https://doi.org/10.34151/prosidingsnast.v1i1.5109.
Full textAbstract:
Network security is a major challenge in the era of increasingly rapid digitalization. PDF files, which are widely used for sharing information, are often exploited by cybercriminals to insert malware. This research aims to analyze the impact of malware in PDF files on network traffic using Wireshark software. With a traffic pattern-based approach and anomaly detection, this research identifies malicious activities such as connections to servers, data exfiltration, traffic spikes, and the use of obfuscation techniques. The malware in the PDF file shows suspicious traffic patterns that include increased volume of outgoing data, and repeated data packets to certain destinations. Additionally, these activities cause significant disruption to network performance, open security gaps, and increase the risk of sensitive data leakage. Wireshark is used to capture, analyze and identify traffic anomalies in real-time. The research results show that pattern and anomaly-based analysis using Wireshark effectively improves the accuracy of PDF malware detection at the network level. These findings support the importance of applying traffic analysis methods to detect hidden cyber threats. In addition, this research makes an important contribution to the development of network analysis-based cyber attack mitigation strategies, helping organizations respond to threats more quickly and reduce potential losses. With this approach, network security can be strengthened to deal with evolving threats.
45
Yeboah-Ofori, Abel, and Francisca Afua Opoku-Boateng. "Mitigating cybercrimes in an evolving organizational landscape." Continuity & Resilience Review, March 21, 2023. http://dx.doi.org/10.1108/crr-09-2022-0017.
Full textAbstract:
PurposeVarious organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.Design/methodology/approachThe approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security.FindingsThe results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.Research limitations/implicationsThe paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations.Practical implicationsAttack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.Social implicationsThere are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.Originality/valueThe paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.
46
R, Janaki, Prathap S, Raman R, Tony Wilson I, and Yuvaraj J. "SECURE MULTI CLOUD STORAGE APPROACH FOR MULTICLOUD ENVIRONMENTS USING FOG COMPUTING." ShodhKosh: Journal of Visual and Performing Arts 4, no. 1 (June 30, 2023). https://doi.org/10.29121/shodhkosh.v4.i1.2023.2928.
Full textAbstract:
The use of cloud computing is rapidly increasing in many organizations. Cloud computing offers many advantages in terms of easy access to data at low cost. In a cloud computing environment, ensuring the security of cloud computing is a key element. Users typically store sensitive information on cloud storage providers, which may be unreliable. Since a single point of attack cannot expose all information, distributing data across different cloud storage providers (CSPs) automatically provides users with a level of control over data exfiltration. The study focuses on how to make key renewals as transparent as possible to customers, using key renewal outsourcing and a method called cloud storage auditing, which verifies it according to the Protection Security Algorithm (PSA). The propose system minimizes the burden of rekeying on the client side securely outsourced to the authorized party. a client uploads a new file to the cloud, it only needs to download the encryption private key from the TPA. In addition, our design also provides the user side with the ability to further verify the validity of the encryption private key provided by the PSA. All of these notable features have been carefully designed to make the entire audit process as transparent as possible to clients with significant risk resistance. Cloud computing formalizes this paradigm's definition and security model. Good safety performance simulations demonstrate that the detailed design instantiation is safe and efficient.
47
Açıkgözoğlu, Enes. "COMPARISON OF MACHINE LEARNING ALGORITHMS FOR DETECTION OF DATA EXFILTRATION OVER DNS." Yalvaç Akademi Dergisi, August 20, 2024. http://dx.doi.org/10.57120/yalvac.1507402.
Full textAbstract:
Nowadays, computers are indispensable for business processes and home users. The widespread use of the Internet provides convenience in many areas from education to research. However, most of the users are unaware of technical security measures and use the Internet unconsciously. This situation leads to inadequate security measures against cyber-attacks. Various trainings are organised for conscious and safe internet use, but these efforts are not enough. Therefore, artificial intelligence-based solutions that can detect cyber incidents and close security gaps are becoming necessary. DNS tunnelling is a method used by malware to leak data over the internet. Vulnerable computers can put users in difficult situations by learning IP addresses from the wrong DNS servers. Innovative methods have been developed to detect this tunnelling. Some methods can detect low and slow data leakage through DNS in real time. There are also hybrid DNS tunnelling detection systems that achieve high accuracy and F-score using packet length and specific features. Feature-based methods sensitive to cache characteristics effectively characterise DNS tunnelling traffic with low false detection rates. These methods offer effective strategies for internet security. In this study, the detection of DNS tunnelling attacks by machine learning algorithms on the CIC-Bell-DNS-EXF-2021 dataset was investigated.
48
Taofeek, Olayiwola Tokunbo, Moatsum Alawida, Abdulatif Alabdulatif, Abiodun Esther Omolara, and Oludare Isaac Abiodun. "A COGNITIVE DECEPTION MODEL FOR GENERATING FAKE DOCUMENTS TO CURB DATA EXFILTRATION IN NETWORKS DURING CYBER-ATTACKS." IEEE Access, 2022, 1. http://dx.doi.org/10.1109/access.2022.3166628.
Full text
49
Kozlenko, Oleh, and Dmytro Zibarov. "Analysis of the core research for vendor email compromise filtering model using machine learning." Theoretical and Applied Cybersecurity 5, no. 1 (September 19, 2023). http://dx.doi.org/10.20535/tacs.2664-29132023.1.284121.
Full textAbstract:
Vendor email compromise became one of most sophisticated types of social engineering attacks. Strengths of this malicious activity rely on basis of impersonating vendor that company working with. Thus, it is easy for attacker to exploit this trust for doing different type of data exfiltration or ransom. To mitigate risks, that come with these challenges, information security specialist should consider using different types of approaches, including machine learning, to identify anomalies in email, so further damages can be prevented. The purpose of this work lies in the identification of optimal approach for VEC-style attacks detection and optimizing these approaches with least amount of false-positive (FP) parameters. The object of this research is different methods of text processing algorithms, including machine learning methods for detecting VEC emails. The subject of research in this paper mainly considers impact of mentioned text processing algorithms and its relation with efficiency of VEC email classification, identifying most effective approach and, also, how to improve results of such detections. Results of this paper consists of details for VEC-email attacks detection, challenges that comes with different approaches and proposed solution, that lies in using text processing techniques and agent-related approach with main sphere of implication – machine-learning systems, that are used for identifying social-engineering attacks through email.
50
Patharkar, Anay. "Analysis of Various Malicious Payload Deployment Cables." INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 07, no. 07 (July 11, 2023). http://dx.doi.org/10.55041/ijsrem24367.
Full textAbstract:
Cybercriminals and hackers are always thinking of clever, new ways to exploit your devices and you must be perpetually vigilant. A malicious cable is any cable (electrical or optical) which performs an unexpected, and unwanted function. The most common malicious capabilities are found in USB cables. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions. The worst malicious cables take control of a user’s cell phone, laptop, or desktop. Usernames and passwords are the first bits to go. Next, the connected device’s storage is emptied. Attacks through various computer ports such as Ethernet Port, if the targeted network contains faulty Ethernet (networking) cables on the attacker's path to their victim. This project gives a broad overview and a comparative study of the list of vulnerabilities in the hardware ports of a computer that can be exploited by the attackers using various malicious cables and payloads. Keywords— malicious, payloads, data infiltration, USB cables, ethernet cables, HDMI cables